I am becoming increasingly paranoid about transmitting my passwords unencrypted over the internet, especially when I’m away from home and I have to access my PC, so I thought of making an SSH (Secure Shell) tunnel from my laptop to my PC, and it turns out it’s actually quite easy.

In case you don’t know what tunneling is, it goes like this: say you want to connect with your browser (running on your laptop) to your home web server, but you want to do it securely. Instead of connecting to your server with your browser directly, you have the browser connect to the tunneling client (also running on your laptop). The tunneling client securely connects to the tunneling server on your home PC (the tunneling client and server are actually the same program, Stunnel), and the tunneling server connects to your web server, and no one in between can read what’s going on. So, here we go.

Step 1 - Get the necessary files.

Go to http://www.stunnel.org/download/stunnel/win32/ and get the latest Stunnel.exe and OpenSSL.zip files. Extract them into a directory.

Step 2 - Generating the certificate.

Download the stunnel.cnf file attached to this page and save it in the Stunnel directory. Now, run the following command (OpenSSL.exe and stunnel.cnf should be in the directory if you did everything correctly):

openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem

OpenSSL will ask you for various details (you’re free to not answer them), and you will have your stunnel.pem file. Because -out and -keyout name the same file and -nodes skips the passphrase, stunnel.pem holds both the certificate and the unencrypted private key, so keep it on the home PC. Now, off to generate the configuration files.

Step 3 - Making the configuration files.

First, you have to decide which port you want stunnel to listen on. Choose something that’s not likely to be used, like 43537 (the sample files below use 5555). Next, write the client configuration file and save it as client.conf (the RDC section can be named whatever you like, for example “Web”).

Sample client.conf file:

client = yes

[RDC]
connect = myhomeserver:5555
accept = 3389

The accept port is the port you will be connecting to on your laptop. In my case it is 3389 because I want to use Remote Desktop Connection. If you want to connect to a web server it’ll probably be 80. Next, the server.conf file.

Sample server.conf file:

cert = stunnel.pem

[RDC]
accept  = 5555
connect = 3389

Step 4 - Running Stunnel and connecting.

This is the final step. On the home computer, run stunnel server.conf, and on the laptop run stunnel client.conf and connect to localhost with your browser (or Remote Desktop client, or whatever). If everything went well, you are now securely connected to the server.
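The client.conf from Step 3 encrypts the connection but never checks which server answered, so the laptop would accept any certificate presented on myhomeserver:5555. The following is an added example, not part of the original page, showing that file beside a version that pins the home PC's certificate. The file name server-cert.pem is an assumption, and on stunnel releases that lack verifyPeer the older verify = 3 setting also checks the peer against a locally installed certificate.

```ini
; --- client.conf as in Step 3: encrypted, but any certificate is accepted ---
client = yes

[RDC]
connect = myhomeserver:5555
; no host given, so stunnel listens on every interface of the laptop
accept = 3389

; --- client.conf with the home PC's certificate pinned ---
client = yes

[RDC]
; listen on loopback only, so other machines on the same network cannot use the tunnel
accept = 127.0.0.1:3389
connect = myhomeserver:5555
; server-cert.pem (assumed name) holds only the server's certificate, no private key
CAfile = server-cert.pem
; refuse the connection unless the server presents exactly that certificate
verifyPeer = yes
```

Create server-cert.pem on the home PC with `openssl x509 -in stunnel.pem -out server-cert.pem`, which copies only the certificate, and move that file to the laptop rather than stunnel.pem itself.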